Abstract

In this paper we investigate the structure of quasi-BCH codes. In the 
first part of this paper we show that quasi-BCH codes can be derived from 
Reed-Solomon codes over square matrices extending the known relation 
about classical BCH and Reed-Solomon codes. This allows us to adapt 
the Welch-Berlekamp algorithm to quasi-BCH codes. In the second part 
of this paper we show that quasi-BCH codes can be seen as subcodes of 
interleaved Reed-Solomon codes over finite fields. This provides another 
approach for decoding quasi-BCH codes. 

keywords: Quasi-cyclic code, quasi-BCH code, BCH code, Reed-Solomon, 
interleaved code 



1 Introduction

Many codes with best known minimum distances are quasi-cyclic codes or derived from them [LS03] [Gra07]. This family of codes is therefore very interesting. Quasi-cyclic codes were studied and applied in the context of McEliece's cryptosystem [McE78] [BCGO09] and Niederreiter's [Nie86] [LDW94]. They permit to reduce the size of keys compared with Goppa codes. However, since the decoding of random quasi-cyclic codes is difficult, only quasi-cyclic alternant codes were proposed for the latter cryptosystem. The high structure of alternant codes is actually a weakness and two cryptanalyses were proposed in [FOPT10] [UL10].
1.1 Our contributions

In this paper we investigate the structure of quasi-BCH codes. In the first part of this paper we show that quasi-BCH codes can be derived from Reed-Solomon codes over square matrices. It is well known that BCH codes can be obtained from Reed-Solomon codes [MS86, Theorem 2, page 300]. We extend this property to quasi-BCH codes, which allows us to adapt the Welch-Berlekamp algorithm to quasi-BCH codes.

Theorem 1. Let $\Gamma \in M_{\ell\times\ell}(\mathbb{F}_{q^s})$ be a primitive m-th root of unity and $C = \text{Q-BCH}_q(m, \ell, \delta, \Gamma)$. Then there exists a RRS code $\mathcal{R}$ over the ring $M_{\ell\times\ell}(\mathbb{F}_{q^s})$ with parameters $[n, n - \delta + 1]_{M_{\ell\times\ell}(\mathbb{F}_{q^s})}$ and an $\mathbb{F}_q$-linear, $\mathbb{F}_q$-isometric embedding
$$\psi : C \to \mathcal{R}.$$

In the second part we show that quasi-BCH codes can be seen as subcodes 
of interleaved Reed-Solomon codes. 

Theorem 2. The quasi-BCH code C over $\mathbb{F}_q$ is an interleaved code of ℓ subcodes of Reed-Solomon codes over $\mathbb{F}_{q^{s'}}$ in the following sense: there exist ℓ Reed-Solomon codes $C_1, \dots, C_\ell$ over $\mathbb{F}_q$ and an isometric isomorphism from C, equipped with the ℓ-block distance, to a subcode of the interleaved code with respect to $C_1, \dots, C_\ell$.

1.2 Related work 

In [LF01] [LS01], ℓ-quasi-cyclic codes of length mℓ are seen as R-submodules of $R^\ell$ for a certain ring R. However, in [LF01], Gröbner bases are used in order to describe polynomial generators of quasi-cyclic codes, whereas in [LS01] the authors decompose quasi-cyclic codes as direct sums of shorter linear codes over various extensions of $\mathbb{F}_q$ (when $\gcd(m, q) = 1$). This last work leads to an interesting trace representation of quasi-cyclic codes. In [CCN10] the approach is more analogous to the cyclic case. The authors consider the factorization of $X^m - 1 \in M_\ell(\mathbb{F}_q)[X]$ with reversible polynomials in order to construct ℓ-quasi-cyclic codes canceled by those polynomials and called Ω(P)-codes. This leads to the construction of self-dual codes and codes beating known bounds. But the factorization of univariate polynomials over a matrix ring remains difficult. In [Cha11] the author gives an improved method for particular cases of the latter factorization problem.

2 Prerequisites 

2.1 Reed-Solomon codes over rings 

We recall some basic definitions of Reed-Solomon codes over rings in this section. We let A be a ring with identity; we denote by $A^\times$ the group of units of A and by $Z(A)$ the center of A, the commutative subring of A consisting of all the elements of A which commute with all the other elements of A. We denote by $A[X]$ the ring of polynomials over A and by $A[X]_{<k}$ the polynomials over A of degree at most $k - 1$.

Definition 1. Let
$$f = \sum_{i=0}^{d} f_i X^i \in A[X]$$
be a polynomial with coefficients in A and $a \in A$. We call left evaluation of f at a the quantity
$$f(a) := \sum_{i=0}^{d} f_i a^i \in A$$
and right evaluation of f at a the quantity
$$(a)f := \sum_{i=0}^{d} a^i f_i \in A.$$

Remark 1. For $f, g \in A[X]$ and $a \in A$, we obviously have $f(a) = (a)f$ whenever $a \in Z(A)$, $(f + g)(a) = f(a) + g(a)$, $(a)(f + g) = (a)f + (a)g$. If a commutes with all the coefficients of g we also have $(fg)(a) = f(a)g(a)$ and $(a)(gf) = (a)g\,(a)f$.

Definition 2. Let $0 < k < n$ be two integers. Let $x = (x_1, \dots, x_n)$ and $v = (v_1, \dots, v_n)$ be two vectors of $A^n$ such that $x_i - x_j \in A^\times$ and $x_i x_j = x_j x_i$ for all $i \neq j$, and $v_i \in A^\times$ for all i.

The left submodule of $A^n$ generated by the vectors
$$(f(x_1) \cdot v_1, \dots, f(x_n) \cdot v_n) \in A^n \quad \text{with } f \in A[X]_{<k}$$
is called a left generalized Reed-Solomon code (LGRS) over A with parameters $[v, x, k]_A$, or $[n, k]$ if there is no confusion on x and v.

The right submodule of $A^n$ generated by the vectors
$$(v_1 \cdot (x_1)f, \dots, v_n \cdot (x_n)f) \in A^n \quad \text{with } f \in A[X]_{<k}$$
is called a right generalized Reed-Solomon code (RGRS) over A with parameters $[v, x, k]_A$, or $[n, k]$ if there is no confusion on x and v. The vector x is called the support of the code. If $v = (1, \dots, 1)$, the codes constructed above are called left Reed-Solomon (LRS) and right Reed-Solomon (RRS) codes.

Definition 3. Let $x = (x_1, \dots, x_n) \in A^n$. We call the Hamming weight of x the number of nonzero coordinates,
$$w(x) := w(x_1, \dots, x_n) = |\{i : x_i \neq 0\}|.$$
Let $y = (y_1, \dots, y_n) \in A^n$. The Hamming distance between x and y is
$$d(x, y) := w(x - y) = |\{i : x_i \neq y_i\}|.$$
The minimum distance of any subset $S \subseteq A^n$ is defined as
$$\min\{d(x, y) : x, y \in S \text{ and } x \neq y\}.$$
Proposition 1. A LGRS (resp. RGRS) code is a free left (resp. right) submodule of $A^n$. A LGRS (resp. RGRS) code with parameters $[n, k]$ has minimum distance $n - k + 1$.

Proof. It suffices to see that the maps
$$A^n \to A^n, \quad (a_1, \dots, a_n) \mapsto (a_1 v_1, \dots, a_n v_n) \quad \text{and} \quad (a_1, \dots, a_n) \mapsto (v_1 a_1, \dots, v_n a_n)$$
are respectively left and right isometric automorphisms of $A^n$. □

2.2 Quasi-cyclic and quasi-BCH codes

Quasi-cyclic codes form an important family of codes defined as follows.

Definition 4. Let $T : \mathbb{F}_q^n \to \mathbb{F}_q^n$ be the left cyclic shift defined by
$$T(c_1, c_2, \dots, c_n) = (c_2, c_3, \dots, c_1).$$
We call ℓ-quasi-cyclic code over $\mathbb{F}_q$ of length n any code of length n over $\mathbb{F}_q$ stable by $T^\ell$. If the context is clear we will simply say ℓ-quasi-cyclic code.

We will focus in this paper on quasi-BCH codes, which form a subfamily of quasi-cyclic codes. They can be seen as a generalization of BCH codes in the context of quasi-cyclic codes. For this we need primitive roots of unity defined in an extension of $\mathbb{F}_q$, say $\mathbb{F}_{q^s}$, as is the case when constructing BCH codes over $\mathbb{F}_q$.

Proposition 2. There exists a primitive $(q^{\ell s} - 1)$-th root of unity in $M_\ell(\mathbb{F}_{q^s})$.

Proof. The proof can be found in [BCQ12b, Proposition 16, page 911]. □

Definition 5. Let Γ be a primitive m-th root of unity in $M_\ell(\mathbb{F}_{q^s})$ and $\delta < m$. We define the ℓ-quasi-BCH code of length mℓ, with respect to Γ, with designed minimum distance δ, over $\mathbb{F}_q$ by
$$\text{Q-BCH}_q(m, \ell, \delta, \Gamma) := \Big\{ (c_1, \dots, c_m) \in (\mathbb{F}_q^\ell)^m : \sum_{l=0}^{m-1} \Gamma^{il} c_{l+1} = 0 \ \text{ for } i = 1, \dots, \delta - 1 \Big\}.$$
Note that $\text{Q-BCH}_q(m, \ell, \delta, \Gamma)$ is a quasi-cyclic code.

Definition 6. The ℓ-block weight of $(x_{11}, \dots, x_{1\ell}, \dots, x_{m1}, \dots, x_{m\ell}) \in \mathbb{F}_q^{m\ell}$ is defined to be
$$\text{Block-w}_\ell(x) := |\{i : (x_{i1}, \dots, x_{i\ell}) \neq 0\}|.$$
The ℓ-block distance between $x, y \in \mathbb{F}_q^{m\ell}$ is defined to be $\text{Block-w}_\ell(x - y)$.
3 Reed-Solomon codes and quasi-BCH codes

3.1 The relation between quasi-BCH and Reed-Solomon codes

We show in this section that, under certain assumptions on the support of Reed-Solomon codes, the dual of a LRS code is a RRS code. From this fact we show that quasi-BCH codes can be constructed from Reed-Solomon codes over square matrix rings. In this Subsection we let A designate a finite ring with identity.

Definition 7. Let $x = (x_1, \dots, x_n)$ and $y = (y_1, \dots, y_n)$ be two vectors of $A^n$. The inner product is defined as
$$\langle x, y \rangle := \sum_{i=1}^{n} x_i y_i.$$

Remark 2. Let S be a subset of $A^n$. Then the set $\{x \in A^n : \forall s \in S,\ \langle s, x \rangle = 0\}$, denoted by $S^\perp$, is called the right dual of S and is a right submodule of $A^n$. Similarly, let S be a subset of $A^n$. Then the set $\{x \in A^n : \forall s \in S,\ \langle x, s \rangle = 0\}$, denoted by ${}^\perp S$, is called the left dual of S and is a left submodule of $A^n$. Note that for all $x, y \in A^n$ and $\mu \in A$ we have $\mu\langle x, y \rangle = \langle \mu x, y \rangle$ and $\langle x, y \rangle \mu = \langle x, y\mu \rangle$.

Definition 8. We say that $\alpha \in A$ is a primitive m-th root of unity if $\alpha^m = 1$ and $\forall\, 0 < i < m$, $(\alpha^i - 1) \in A^\times$.

Remark 3. Let $x = (1, \gamma, \gamma^2, \dots, \gamma^{m-1}) \in A^m$ where γ is a primitive m-th root of unity. Then a RRS or LRS code whose support is x is cyclic.

Proposition 3. Let $\gamma \in A$ be a primitive m-th root of unity. Let $x = (1, \gamma, \gamma^2, \dots, \gamma^{m-1}) \in A^n$. Then the right (resp. left) dual of the LGRS (resp. RGRS) code with parameters $[x, x, k]_A$ is the RRS (resp. LRS) code with parameters $[x, n - k]_A$.

Proof. We denote respectively by $\mathcal{L}$ and $\mathcal{R}$ the left generalized Reed-Solomon code with parameters $[x, x, k]_A$ and the right Reed-Solomon code with parameters $[x, n - k]_A$.

First note that $\mathcal{L}$ is generated by the vectors
$$(1, \gamma^i, \gamma^{2i}, \dots, \gamma^{(m-1)i}) \quad \text{for } i = 1, \dots, k$$
and that $\mathcal{R}$ is generated by the vectors
$$(1, \gamma^i, \gamma^{2i}, \dots, \gamma^{(m-1)i}) \quad \text{for } i = 0, \dots, n - k - 1.$$
And we have, for $0 < i + j \le n - 1$, in the commutative ring $Z(A)[\gamma]$
$$\sum_{l=0}^{m-1} \gamma^{li} \gamma^{lj} = \sum_{l=0}^{m-1} (\gamma^{i+j})^l = \frac{(\gamma^{i+j})^m - 1}{\gamma^{i+j} - 1} = 0.$$
Therefore, by Proposition 1 and Remark 2, $\mathcal{L}^\perp \supseteq \mathcal{R}$ and ${}^\perp\mathcal{R} \supseteq \mathcal{L}$.

Again by Proposition 1 and Remark 2, an element $x \in A^n$ lies in $\mathcal{L}^\perp$ if and only if
$$\begin{pmatrix} 1 & \gamma & \gamma^2 & \cdots & \gamma^{m-1} \\ 1 & \gamma^2 & \gamma^4 & \cdots & \gamma^{2(m-1)} \\ \vdots & \vdots & \vdots & & \vdots \\ 1 & \gamma^k & \gamma^{2k} & \cdots & \gamma^{k(m-1)} \end{pmatrix} \begin{pmatrix} x_1 \\ \vdots \\ x_n \end{pmatrix} = 0. \qquad (1)$$
But in the commutative ring $Z(A)[\gamma]$ the matrix
$$H = \begin{pmatrix} 1 & \gamma & \cdots & \gamma^{k-1} \\ 1 & \gamma^2 & \cdots & \gamma^{2(k-1)} \\ \vdots & \vdots & & \vdots \\ 1 & \gamma^k & \cdots & \gamma^{k(k-1)} \end{pmatrix} \in M_{k \times k}(Z(A)[\gamma])$$
is invertible. Therefore H is also invertible in $M_{k \times k}(A)$ and thus induces a group automorphism of $A^k$. If we let $x_H = (x_1, \dots, x_k)$ and $x_U = (x_{k+1}, \dots, x_n)$, we can rewrite equation (1) as
$$(H \mid U) \begin{pmatrix} x_H \\ x_U \end{pmatrix} = 0 \quad \text{and} \quad H x_H = -U x_U.$$
For each choice of $x_U$ we have only one possible value for $x_H$. Thus $|\mathcal{L}^\perp| = |A|^{n-k} = |\mathcal{R}|$ by Proposition 1 and therefore $\mathcal{L}^\perp = \mathcal{R}$. Similarly, we have ${}^\perp\mathcal{R} = \mathcal{L}$. □

Theorem 3. Let $\Gamma \in M_{\ell\times\ell}(\mathbb{F}_{q^s})$ be a primitive m-th root of unity and $C = \text{Q-BCH}_q(m, \ell, \delta, \Gamma)$. Then there exists a RRS code $\mathcal{R}$ over the ring $M_{\ell\times\ell}(\mathbb{F}_{q^s})$ with parameters $[n, n - \delta + 1]_{M_{\ell\times\ell}(\mathbb{F}_{q^s})}$ and an $\mathbb{F}_q$-linear, $\mathbb{F}_q$-isometric embedding
$$\psi : C \to \mathcal{R}.$$



Proof. A parity-check matrix of C is
$$H = \begin{pmatrix} I_\ell & \Gamma & \Gamma^2 & \cdots & \Gamma^{m-1} \\ I_\ell & \Gamma^2 & \Gamma^4 & \cdots & \Gamma^{2(m-1)} \\ \vdots & \vdots & \vdots & & \vdots \\ I_\ell & \Gamma^{\delta-1} & \Gamma^{2(\delta-1)} & \cdots & \Gamma^{(\delta-1)(m-1)} \end{pmatrix} \in M_{(\delta-1)\ell \times m\ell}(\mathbb{F}_{q^s}).$$
Remark that H is a generator matrix of the LGRS code with parameters $[x, x, \delta - 1]_{M_{\ell\times\ell}(\mathbb{F}_{q^s})}$ over the ring $M_{\ell\times\ell}(\mathbb{F}_{q^s})$, where $x = (I_\ell, \Gamma, \dots, \Gamma^{m-1})$, and by Proposition 3 its dual is the RRS code $\mathcal{R}$ with parameters $[x, n - \delta + 1]_{M_{\ell\times\ell}(\mathbb{F}_{q^s})}$. Now let
$$\psi : C \to (M_{\ell\times\ell}(\mathbb{F}_{q^s}))^m, \qquad (c_{11}, \dots, c_{1\ell}, \dots, c_{m1}, \dots, c_{m\ell}) \mapsto \left( \begin{pmatrix} c_{11} & 0 & \cdots & 0 \\ \vdots & \vdots & & \vdots \\ c_{1\ell} & 0 & \cdots & 0 \end{pmatrix}, \dots, \begin{pmatrix} c_{m1} & 0 & \cdots & 0 \\ \vdots & \vdots & & \vdots \\ c_{m\ell} & 0 & \cdots & 0 \end{pmatrix} \right).$$
Obviously, ψ is $\mathbb{F}_q$-linear, injective and isometric, and by the above remark we have $\psi(C) \subseteq \mathcal{R}$. □



Theorem 3 generalizes the well-known relation [MS86, Theorem 2, page 300] between BCH codes and Reed-Solomon codes. The above relation will allow us to adapt the unique decoding algorithm from [BCQ12a] to quasi-BCH codes.
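As an added illustration (not code from the paper), the following Python builds a toy instance of Definition 5 over $\mathbb{F}_3$ with ℓ = 2, m = 8, δ = 3 and Γ the companion matrix of $x^2 + x + 2$, all of which are constructed here rather than taken from the paper. It checks Definition 8 for Γ, builds the parity-check matrix H, encodes by right evaluation at $I_\ell, \Gamma, \dots, \Gamma^{m-1}$ as in the proof of Theorem 3 (the zero syndrome is exactly the orthogonality sum in the proof of Proposition 3), and tests stability under $T^\ell$ (Definition 4) and the ℓ-block weight (Definition 6); left_eval and right_eval are the two evaluations of Definition 1.

```python
from functools import reduce

# Constructed toy instance (not the paper's): q = 3, l = 2, m = 8, delta = 3, code length 16.
# GAMMA is the companion matrix of x^2 + x + 2, primitive over F_3, so it has order 8 (s = 1).
P, ELL, M, DELTA = 3, 2, 8, 3
GAMMA = [[0, 1], [1, 2]]

def mat_mul(a, b):
    n = len(a)
    return [[sum(a[i][t] * b[t][j] for t in range(n)) % P for j in range(n)] for i in range(n)]
def mat_add(a,b):
    return [[(x + y) % P for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def mat_pow(a, e):
    r = [[int(i == j) for j in range(len(a))] for i in range(len(a))]
    for _ in range(e):
        r = mat_mul(r, a)
    return r

def is_primitive_root(g, m):
    # Definition 8 in M_2(F_P): g^m = I and g^i - I is a unit (det != 0) for 0 < i < m.
    powers = [mat_pow(g, i) for i in range(m + 1)]
    dets = [((p[0][0] - 1) * (p[1][1] - 1) - p[0][1] * p[1][0]) % P for p in powers[1:m]]
    return powers[m] == powers[0] and 0 not in dets

def left_eval(f, a):   # f(a) = sum_i f_i a^i  (Definition 1, matrix coefficients f_i)
    return reduce(mat_add, (mat_mul(fi, mat_pow(a, i)) for i, fi in enumerate(f)))
def right_eval(f, a):  # (a)f = sum_i a^i f_i  (Definition 1)
    return reduce(mat_add, (mat_mul(mat_pow(a, i), fi) for i, fi in enumerate(f)))

def parity_check_matrix(g, m, delta):
    # H of Definition 5: block row i (1 <= i < delta) is (I, g^i, g^{2i}, ..., g^{i(m-1)}).
    rows = []
    for i in range(1, delta):
        blocks = [mat_pow(g, i * j) for j in range(m)]
        for r in range(ELL):
            rows.append([blk[r][c] for blk in blocks for c in range(ELL)])
    return rows

def syndrome(h, c):
    return [sum(h[r][j] * c[j] for j in range(len(c))) % P for r in range(len(h))]

def encode(g, m, vectors):
    # Theorem 3 as an encoder: each message vector f_i in F_P^ELL is the first column of a
    # matrix (psi); right-evaluating f at I, g, ..., g^{m-1} gives an RRS codeword over
    # M_ELL(F_P), and keeping the first columns (pr) yields a quasi-BCH codeword.
    f = [[[v[r]] + [0] * (ELL - 1) for r in range(ELL)] for v in vectors]
    word = []
    for j in range(m):
        word.extend(row[0] for row in right_eval(f, mat_pow(g, j)))
    return word

def block_weight(c):   # Definition 6: number of nonzero blocks of ELL symbols
    return sum(any(c[ELL * j:ELL * (j + 1)]) for j in range(len(c) // ELL))
def block_shift(c):    # T^ELL of Definition 4: cyclic shift by one block
    return c[ELL:] + c[:ELL]
```

A message here consists of k = m − δ + 1 = 6 vectors of $\mathbb{F}_3^2$, and every encoded word has zero syndrome, stays in the code after block_shift, and has block weight at least δ.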



3.2 The Welch-Berlekamp algorithm for quasi-BCH codes

In this Subsection we let A designate a finite ring with identity. Before giving the Welch-Berlekamp decoding algorithm, we need to define what the evaluation of a bivariate polynomial over A is. Let $Q = \sum_{i,j} Q_{i,j} X^i Y^j \in A[X, Y]$ be such a polynomial. We define the evaluation of Q at $(a, b) \in A^2$ to be
$$(a, b)Q := \sum_{i,j} a^i b^j Q_{i,j} \in A.$$
Be careful of the order of a, b and $Q_{i,j}$. This choice will be explained in the proof of Lemma 1. Let $f \in A[X]$; we define the evaluation of Q at f to be
$$(X, f(X))Q := \sum_{i,j} X^i f(X)^j Q_{i,j} \in A[X].$$
As in the univariate case, the evaluation maps defined above are not ring homomorphisms in general.

Lemma 1. Let $g \in A[X]$, $Q \in A[X, Y]$ of degree at most 1 in Y and $a \in A$. Then
$$(a)\big((X, g(X))Q\big) = (a, (a)g)Q.$$

Proof. We write $Q(X, Y) = Q_0(X) + Q_1(X)Y$ with $Q_0 = \sum_i Q_{i,0} X^i$ and $Q_1 = \sum_i Q_{i,1} X^i$. The proof is an easy calculation:
$$(a)\big((X, g(X))Q\big) = (a)Q_0 + (a)\Big(\sum_i X^i g(X) Q_{i,1}\Big) = \sum_i a^i Q_{i,0} + \sum_i a^i \big((a)g\big) Q_{i,1} = (a, (a)g)Q$$
by definition. □
We let $C = \text{Q-BCH}_q(m, \ell, \delta, \Gamma)$, $\tau = \lfloor (\delta - 1)/2 \rfloor$, $n = m$, $k = n - \delta + 1$ and
$$\mathrm{pr} : (M_{\ell\times\ell}(\mathbb{F}_{q^s}))^m \to \mathbb{F}_q^{m\ell}, \qquad \left( \begin{pmatrix} a^1_{11} & \cdots & a^1_{1\ell} \\ \vdots & & \vdots \\ a^1_{\ell 1} & \cdots & a^1_{\ell\ell} \end{pmatrix}, \dots, \begin{pmatrix} a^m_{11} & \cdots & a^m_{1\ell} \\ \vdots & & \vdots \\ a^m_{\ell 1} & \cdots & a^m_{\ell\ell} \end{pmatrix} \right) \mapsto (a^1_{11}, \dots, a^1_{\ell 1}, \dots, a^m_{11}, \dots, a^m_{\ell 1}).$$



Algorithm 1 Welch-Berlekamp for quasi-BCH codes

Input: a received vector $y \in \mathbb{F}_q^{m\ell}$ with at most τ errors.

Output: the unique codeword within distance τ of y.
1: $(Z_1, \dots, Z_m) \leftarrow \psi(y)$ where ψ is the map from Theorem 3.
2: Find $Q = Q_0(X) + Q_1(X)Y \in (M_{\ell\times\ell}(\mathbb{F}_{q^s})[X])[Y]$ of degree 1 such that
   1. $(\Gamma^{i-1}, Z_i)Q = 0$ for all $i = 1, \dots, m$,
   2. $\deg Q_0 \le n - \tau - 1$,
   3. $\deg Q_1 \le n - \tau - 1 - (k - 1)$.
3: $f \leftarrow$ the unique root of Q in $(M_{\ell\times\ell}(\mathbb{F}_{q^s}))[X]_{<k}$ such that
$$d\big((Z_1, \dots, Z_m), ((I_\ell)f, \dots, (\Gamma^{m-1})f)\big) \le \tau.$$
4: return $\mathrm{pr}\big((I_\ell)f, (\Gamma)f, \dots, (\Gamma^{m-1})f\big)$.



Lemma 2. Let $y \in \mathbb{F}_q^{m\ell}$ be a received word containing at most τ errors. Then there exists a nonzero bivariate polynomial $Q = Q_0 + Q_1 Y \in (M_{\ell\times\ell}(\mathbb{F}_{q^s}))[X, Y]$ satisfying
   1. $(\Gamma^{i-1}, Z_i)Q = 0$ for $i = 1, \dots, n$,
   2. $\deg Q_0 \le n - \tau - 1$,
   3. $\deg Q_1 \le n - \tau - 1 - (k - 1)$.

Proof. We solve the problem with linear algebra over $\mathbb{F}_{q^s}$. We have, for each column of the solution, $n\ell$ equations and $\ell[(n - \tau) + (n - \tau - (k - 1))] \ge \ell(n + 1)$ unknowns (since $2\tau \le \delta - 1 = n - k$) by Proposition 1. □

Lemma 3. Let $Q \in (M_{\ell\times\ell}(\mathbb{F}_{q^s}))[X, Y]$ satisfy the three conditions of Lemma 2 and $f \in (M_{\ell\times\ell}(\mathbb{F}_{q^s}))[X]_{<k}$ be such that $d\big((Z_1, \dots, Z_m), ((I_\ell)f, \dots, (\Gamma^{m-1})f)\big) \le \tau$. Then $(X, f(X))Q = 0$.

Proof. The polynomial $(X, f(X))Q$ has degree at most $n - \tau - 1$. By Lemma 1 we have $(\Gamma^{i-1})\big((X, f(X))Q\big) = (\Gamma^{i-1}, (\Gamma^{i-1})f)Q = (\Gamma^{i-1}, Z_i)Q = 0$ for at least $n - \tau$ values of $i \in \{1, \dots, n\}$. And therefore we must have $(X, f(X))Q = 0$. □

Proposition 4. Algorithm 1 works correctly as expected and can correct up to τ errors.

Proof. This is a direct consequence of Lemmas 2 and 3. □
4 Quasi-BCH codes as interleaved codes

In this Section we prove that quasi-BCH codes can be viewed as an interleaving of classical BCH codes. We fix for this Section $\Gamma \in M_{\ell\times\ell}(\mathbb{F}_{q^s})$ a primitive m-th root of unity and $C = \text{Q-BCH}_q(m, \ell, \delta, \Gamma)$. We first recall the definition of interleaved codes.

Definition 9. Let $C_1, \dots, C_\ell$ be error correcting codes over $\mathbb{F}_q$. The interleaved code C with respect to $C_1, \dots, C_\ell$ is a subset of $M_{\ell\times m}(\mathbb{F}_q)$, equipped with the ℓ-block distance with respect to the columns, such that $c \in C$ if and only if the i-th row of c is a codeword of $C_i$ for $i = 1, \dots, \ell$.

Lemma 4. The matrix Γ diagonalizes over an extension of $\mathbb{F}_{q^s}$ and its eigenvalues are all primitive m-th roots of unity.

Proof. Let $\mathbb{F}_{q^{s'}} \supseteq \mathbb{F}_{q^s}$ be the splitting field of $X^m - 1$. The polynomial $X^m - 1$ is a multiple of the minimal polynomial $\mu(X)$ of Γ. Hence the eigenvalues of Γ are m-th roots of unity. Let $P \in GL_\ell(\mathbb{F}_{q^{s'}})$ be such that $P^{-1}\Gamma P$ is diagonal. Now if an eigenvalue of Γ has order $d < m$, then
$$P^{-1}(\Gamma^d - I_\ell)P = \begin{pmatrix} \lambda_1^d - 1 & & \\ & \ddots & \\ & & \lambda_\ell^d - 1 \end{pmatrix}$$
is singular as its i-th diagonal element would be zero. Consequently $\Gamma^d - I_\ell \notin GL_\ell(\mathbb{F}_{q^{s'}})$, which is absurd. □

Theorem 4. The quasi-BCH code C over $\mathbb{F}_q$ is an interleaved code of ℓ subcodes of Reed-Solomon codes over $\mathbb{F}_{q^{s'}}$ in the following sense: there exist ℓ Reed-Solomon codes $C_1, \dots, C_\ell$ over $\mathbb{F}_q$ and an isometric isomorphism from C, equipped with the ℓ-block distance, to a subcode of the interleaved code with respect to $C_1, \dots, C_\ell$.



Proof. We take the notation of the proof of Lemma 4. Recall that
$$H = \begin{pmatrix} I_\ell & \Gamma & \cdots & \Gamma^{m-1} \\ I_\ell & \Gamma^2 & \cdots & \Gamma^{2(m-1)} \\ \vdots & \vdots & & \vdots \\ I_\ell & \Gamma^{\delta-1} & \cdots & \Gamma^{(\delta-1)(m-1)} \end{pmatrix}$$
is a parity check matrix for C (proof of Theorem 3). By Lemma 4 we have that $(c_{11}, \dots, c_{1\ell}, \dots, c_{m1}, \dots, c_{m\ell}) \in C$ if and only if
$$\begin{pmatrix} P^{-1} & & \\ & \ddots & \\ & & P^{-1} \end{pmatrix} H \begin{pmatrix} P & & \\ & \ddots & \\ & & P \end{pmatrix} \begin{pmatrix} P^{-1} & & \\ & \ddots & \\ & & P^{-1} \end{pmatrix} \begin{pmatrix} c_{11} \\ \vdots \\ c_{1\ell} \\ \vdots \\ c_{m1} \\ \vdots \\ c_{m\ell} \end{pmatrix} = 0.$$
Let
$$\begin{pmatrix} v_{11} \\ \vdots \\ v_{1\ell} \\ \vdots \\ v_{m1} \\ \vdots \\ v_{m\ell} \end{pmatrix} := \begin{pmatrix} P^{-1} & & \\ & \ddots & \\ & & P^{-1} \end{pmatrix} \begin{pmatrix} c_{11} \\ \vdots \\ c_{1\ell} \\ \vdots \\ c_{m1} \\ \vdots \\ c_{m\ell} \end{pmatrix} \quad \text{for } (c_{11}, \dots, c_{1\ell}, \dots, c_{m1}, \dots, c_{m\ell}) \in \mathbb{F}_q^{m\ell}. \qquad (2)$$
Denote by σ the application defined by equation (2), and by $\lambda_1, \dots, \lambda_\ell$ the diagonal entries of $P^{-1}\Gamma P$. Then $(c_{11}, \dots, c_{1\ell}, \dots, c_{m1}, \dots, c_{m\ell}) \in C$ if and only if $\sigma^{-1}(v_{11}, \dots, v_{1\ell}, \dots, v_{m1}, \dots, v_{m\ell}) \in \mathbb{F}_q^{m\ell}$ and, for $i = 1, \dots, \ell$,
$$\begin{pmatrix} 1 & \lambda_i & \cdots & \lambda_i^{m-1} \\ 1 & \lambda_i^2 & \cdots & \lambda_i^{2(m-1)} \\ \vdots & \vdots & & \vdots \\ 1 & \lambda_i^{\delta-1} & \cdots & \lambda_i^{(\delta-1)(m-1)} \end{pmatrix} \begin{pmatrix} v_{1i} \\ \vdots \\ v_{mi} \end{pmatrix} = 0. \qquad (3)$$
Then it is straightforward that σ is an isometric isomorphism from C, equipped with the ℓ-block distance, onto $\sigma(C)$, which is by equation (3) a subcode of the interleaved code with respect to ℓ subcodes of Reed-Solomon codes over $\mathbb{F}_q$. For $i = 1, \dots, \ell$ take $C_i$ to be the Reed-Solomon code defined by the parity check matrix of equation (3). □

Note that if the minimal polynomial of Γ has degree one, $\mu(X) = X - \lambda$, then $s' = s$ and Γ diagonalizes as $\lambda I_\ell$. Consequently the Reed-Solomon codes $C_1, \dots, C_\ell$ are isomorphic, as they are defined by the same control equations in equation (3). In such a case, we can apply the result on the correction capacity for interleaved Reed-Solomon codes [SSB06] [BKY07].

Corollary 1. There exists a decoding algorithm that is guaranteed to correct up to τ errors. In particular, if the minimal polynomial of Γ has degree 1 over $\mathbb{F}_{q^s}$ then it can correct up to $\frac{\ell}{\ell + 1}(\delta - 1)$ errors with high probability.

Proof. Taking the notation of Theorem 4, if $y = c + e$ is a received word, one can decode $\sigma(y)$ with the decoding algorithms of $C_1, \dots, C_\ell$, obtaining $c' \in \mathbb{F}_{q^{s'}}^{m\ell}$. Then $c = \sigma^{-1}(c')$.

If the minimal polynomial of Γ has degree 1, then $C_1 = C_2 = \cdots = C_\ell$, and one can apply the algorithm of [BKY07] or [SSB06]. □